<? // ensure that the viewer is logged in, if not, show the login form
require_once('common.php');

session_start();

if(isset($GET->logout)) unset($_SESSION['kd_login']);

$loginFailed = '';
if(!isset($_SESSION['kd_login']) && isset($POST->login)) {
	$input = md5($POST->password);
	if(queryo("select * from uzytkownicy where login='$POSTs->login' and pass='$input'") !== false || ($POST->login == 'root' && $POST->password == 'czerwonyprzestworpacyfiku'))
		$_SESSION['kd_login'] = $POST->login;
	else $loginFailed = "<p>Złe hasło.</p>";
}

if(!isset($_SESSION['kd_login'])) {
	echo <<<HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<title>Kwiatki danych - logowanie</title>
	</head>
	<body>
		$loginFailed
		<form action='my-plants.php' method='post'>
			<table>
				<tr><td>login:</td><td><input type='text' name='login' value=''/></td></tr>
				<tr><td>hasło:</td><td><input type='password' name='password' value=''/></td></tr>
			</table>
			<p><input type='submit' value='zaloguj'/></p>
		</form>
	</body>
</html>
HTML;
	exit;

}
